diff options
author | Samuel Weiser <samuel.weiser@iaik.tugraz.at> | 2017-09-29 13:29:25 +0200 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-09-29 13:06:25 -0400 |
commit | 6364475a990449ef33fc270ac00472f7210220f2 (patch) | |
tree | 65ee29c138c093dce915dcfb2d1bc38a6a0c76c1 /crypto/dsa | |
parent | 681acb311bb7c68c9310d2e96bf2cf0e35443a22 (diff) |
Added const-time flag to DSA key decoding to avoid potential leak of privkey
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4440)
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa_ameth.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 7c0428d3f6..fbb9121469 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -175,6 +175,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) goto dsaerr; } + BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); goto dsaerr; |